Site Hacked for the Third Time

Last Thursday evening, I discovered that our blog had been hacked earlier in the day. But this wasn’t the first time it’s been hacked. A few months ago, the site went several weeks with files infected by malware before I learned about it. And our first encounter with malware occurred last May, when our webhost informed us that some sites might have been infected.

After the second incident, I did some research and took several measures to improve the security of this site. However, we were still infected again last week. Apparently, there’s no guarantee that your site won’t be infected again!

If you run a site built on WordPress, it’s worth reading Hardening WordPress. It’s also a good idea to search for articles on improving security. After a lot of research in the wake of getting hacked, I did a number of things to improve security. I haven’t kept a list of everything I’ve done, but here are a few things that I hope will help in the future …

Back up the site regularly. I chose to use Repono (there’s also a WordPress plugin), which is very inexpensive. After a few months of usage, I’m still using the free $5 credit that I started with (although it may go a little faster now because I’ve increased the frequency of backups from monthly to weekly). There are some other backup options, but this is the one I’ve settled on. Obviously, having a backup would be huge if we were to lose our content!

Install plugins to help with security. There are many WordPress security plugins, and I’ve tried a number of them. There may be better ones, but at the moment, I’m using these six plugins …

Limit Login Attempts (since installing this plugin, we’ve received a number of emails informing us that attempted hackers have been locked out for too many attempts to log in to the site). By the way, make sure you delete WordPress’s default “admin” username to reduce the likelihood of successful brute-force attempts (if I remember correctly, I added a new user, transferred my posts to the new user, then deleted the “admin” user).

So far, we’ve been happy with our webhost, DreamHost, which is the only webhost we’ve ever used. DreamHost has been very helpful in getting our site cleaned up each time.

Well, I’ve learned the hard way that guarding your site requires vigilance. Fortunately, though, it’s been more of a nuisance than a total disaster (i.e., we haven’t lost any content; we just had to clean up files, infected all three times by the eval base64_decode code).
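A check for the infection named above, as an added example that is not part of the original post: it walks a site directory and reports the PHP files and line numbers where `eval(` wraps `base64_decode(`. It goes slightly beyond the post by also matching wrapper calls such as `gzinflate(` between the two; the file names, the extension list and the sample contents are constructed for the dry run.

```python
import re
import tempfile
from pathlib import Path

# eval( reaching base64_decode( directly or through wrapper calls; spacing and case vary.
PATTERN = re.compile(rb"\beval\s*\(\s*(?:@?\w+\s*\(\s*)*base64_decode\s*\(", re.IGNORECASE)
PHP_SUFFIXES = {".php", ".phtml", ".inc"}  # assumed set of extensions to scan


def scan_file(path):
    """Return the 1-based line numbers in path that match PATTERN."""
    hits = []
    with open(path, "rb") as fh:  # bytes: infected files are not always valid UTF-8
        for lineno, line in enumerate(fh, start=1):
            if PATTERN.search(line):
                hits.append(lineno)
    return hits


def scan_tree(root):
    """Map each matching PHP file under root (relative path) to its matching lines."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            hits = scan_file(path)
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


def build_sample_tree(root):
    """Write constructed sample files; the encoded string is only a PHP comment."""
    root = Path(root)
    (root / "wp-content" / "themes").mkdir(parents=True)
    (root / "index.php").write_bytes(
        b"<?php eval(base64_decode('Ly8gY29uc3RydWN0ZWQ=')); ?>\n<?php require 'wp-blog-header.php';\n")
    (root / "wp-content" / "themes" / "functions.php").write_bytes(
        b"<?php\nfunction t() {}\n@EVAL ( gzinflate( base64_decode ( $x ) ) );\n")
    (root / "wp-config.php").write_bytes(b"<?php\n$key = base64_decode('c2FtcGxl');\n")
    (root / "readme.txt").write_bytes(b"eval(base64_decode('...')) mentioned in docs\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, lines in scan_tree(tmp).items():
            print(f"{name}: lines {lines}")
```

A match is a lead to inspect by hand, not proof of infection, and a clean result does not rule out injected code written in some other form.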

If you’ve had experience with a hacked site, please leave a comment reporting what you’ve done to improve your security. If your site hasn’t been hacked, take measures now!